Struct datadog_api_client::datadogV2::api::api_security_monitoring::SecurityMonitoringAPI

pub struct SecurityMonitoringAPI { /* private fields */ }

Create and manage your security rules, signals, filters, and more. See the Datadog Security page for more information.

Implementations

impl SecurityMonitoringAPI

pub fn new() -> Self

pub fn with_config(config: Configuration) -> Self

Examples found in repository

examples/v2_security-monitoring_ListSecurityFilters.rs (line 8)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_filters().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_ListSecurityMonitoringSuppressions.rs (line 8)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_monitoring_suppressions().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_DeleteSecurityFilter.rs (line 8)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_filter("security_filter_id".to_string())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_ListSecurityMonitoringRules.rs (line 9)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_rules(ListSecurityMonitoringRulesOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_ListSecurityMonitoringSignals.rs (line 9)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_signals(ListSecurityMonitoringSignalsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_GetSecurityMonitoringSignal.rs (line 8)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_signal(
            "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE".to_string(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Additional examples can be found in:

• examples/v2_security-monitoring_ListFindings.rs
• examples/v2_security-monitoring_GetSecurityMonitoringRule.rs
• examples/v2_security-monitoring_DeleteSecurityMonitoringRule.rs
• examples/v2_security-monitoring_ConvertExistingSecurityMonitoringRule.rs
• examples/v2_security-monitoring_GetSecurityFilter.rs
• examples/v2_security-monitoring_GetSecurityMonitoringSuppression.rs
• examples/v2_security-monitoring_DeleteSecurityFilter_555029489.rs
• examples/v2_security-monitoring_DeleteSecurityMonitoringSuppression.rs
• examples/v2_security-monitoring_ListSecurityMonitoringSignals_3960412991.rs
• examples/v2_security-monitoring_GetSecurityMonitoringRule_3370522281.rs
• examples/v2_security-monitoring_ListFindings_3865842421.rs
• examples/v2_security-monitoring_GetFinding.rs
• examples/v2_security-monitoring_EditSecurityMonitoringSignalIncidents.rs
• examples/v2_security-monitoring_EditSecurityMonitoringSignalAssignee.rs
• examples/v2_security-monitoring_EditSecurityMonitoringSignalState.rs
• examples/v2_security-monitoring_UpdateSecurityMonitoringSuppression.rs
• examples/v2_security-monitoring_CreateSecurityFilter.rs
• examples/v2_security-monitoring_MuteFindings.rs
• examples/v2_security-monitoring_UpdateSecurityFilter.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringSuppression_3192265332.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringSuppression.rs
• examples/v2_security-monitoring_TestExistingSecurityMonitoringRule.rs
• examples/v2_security-monitoring_SearchSecurityMonitoringSignals_1309350146.rs
• examples/v2_security-monitoring_SearchSecurityMonitoringSignals.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule_498211763.rs
• examples/v2_security-monitoring_ConvertSecurityMonitoringRuleFromJSONToTerraform.rs
• examples/v2_security-monitoring_UpdateSecurityMonitoringRule.rs
• examples/v2_security-monitoring_ValidateSecurityMonitoringRule.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule_461183901.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule_914562040.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule_3367706049.rs
• examples/v2_security-monitoring_UpdateSecurityMonitoringRule_428087276.rs
• examples/v2_security-monitoring_TestSecurityMonitoringRule.rs
• examples/v2_security-monitoring_CreateSecurityMonitoringRule_1092490364.rs

pub fn with_client_and_config( config: Configuration, client: ClientWithMiddleware, ) -> Self

pub async fn convert_existing_security_monitoring_rule( &self, rule_id: String, ) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertExistingSecurityMonitoringRuleError>>

Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.

Examples found in repository

examples/v2_security-monitoring_ConvertExistingSecurityMonitoringRule.rs (line 12)

async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .convert_existing_security_monitoring_rule(security_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn convert_existing_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertExistingSecurityMonitoringRuleError>>

Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.

pub async fn convert_security_monitoring_rule_from_json_to_terraform( &self, body: SecurityMonitoringRuleConvertPayload, ) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>

Convert a rule that doesn’t (yet) exist from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.

Examples found in repository

examples/v2_security-monitoring_ConvertSecurityMonitoringRuleFromJSONToTerraform.rs (line 48)

async fn main() {
    let body =
        SecurityMonitoringRuleConvertPayload::SecurityMonitoringStandardRulePayload(Box::new(
            SecurityMonitoringStandardRulePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "Test rule".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec![])
                    .metric("".to_string())
                    .query("@test:true".to_string())],
            )
            .filters(vec![])
            .tags(vec![])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .convert_security_monitoring_rule_from_json_to_terraform(body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn convert_security_monitoring_rule_from_json_to_terraform_with_http_info( &self, body: SecurityMonitoringRuleConvertPayload, ) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>

Convert a rule that doesn’t (yet) exist from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.

pub async fn create_security_filter( &self, body: SecurityFilterCreateRequest, ) -> Result<SecurityFilterResponse, Error<CreateSecurityFilterError>>

Create a security filter.

See the security filter guide for more examples.

Examples found in repository

examples/v2_security-monitoring_CreateSecurityFilter.rs (line 28)

async fn main() {
    let body = SecurityFilterCreateRequest::new(SecurityFilterCreateData::new(
        SecurityFilterCreateAttributes::new(
            vec![SecurityFilterExclusionFilter::new(
                "Exclude staging".to_string(),
                "source:staging".to_string(),
            )],
            SecurityFilterFilteredDataType::LOGS,
            true,
            "Example-Security-Monitoring".to_string(),
            "service:ExampleSecurityMonitoring".to_string(),
        ),
        SecurityFilterType::SECURITY_FILTERS,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_filter(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn create_security_filter_with_http_info( &self, body: SecurityFilterCreateRequest, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<CreateSecurityFilterError>>

Create a security filter.

See the security filter guide for more examples.

pub async fn create_security_monitoring_rule( &self, body: SecurityMonitoringRuleCreatePayload, ) -> Result<SecurityMonitoringRuleResponse, Error<CreateSecurityMonitoringRuleError>>

Create a detection rule.

Examples found in repository

examples/v2_security-monitoring_CreateSecurityMonitoringRule.rs (line 47)

async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
            SecurityMonitoringStandardRuleCreatePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "Test rule".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec![])
                    .metric("".to_string())
                    .query("@test:true".to_string())],
            )
            .filters(vec![])
            .tags(vec![])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringRule_498211763.rs (line 47)

async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
            SecurityMonitoringStandardRuleCreatePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "Test rule".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec![])
                    .metric("".to_string())
                    .query("@test:true".to_string())],
            )
            .filters(vec![])
            .tags(vec![])
            .type_(SecurityMonitoringRuleTypeCreate::WORKLOAD_SECURITY),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringRule_461183901.rs (line 54)

async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
            SecurityMonitoringStandardRuleCreatePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "test".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .detection_method(SecurityMonitoringRuleDetectionMethod::IMPOSSIBLE_TRAVEL)
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .impossible_travel_options(
                        SecurityMonitoringRuleImpossibleTravelOptions::new()
                            .baseline_user_locations(false),
                    )
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::GEO_DATA)
                    .distinct_fields(vec![])
                    .group_by_fields(vec!["@usr.id".to_string()])
                    .metric("@network.client.geoip".to_string())
                    .query("*".to_string())],
            )
            .filters(vec![])
            .has_extended_title(true)
            .tags(vec![])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringRule_914562040.rs (line 55)

async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();

    // there is a valid "security_rule_bis" in the system
    let security_rule_bis_id = std::env::var("SECURITY_RULE_BIS_ID").unwrap();
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringSignalRuleCreatePayload(Box::new(
            SecurityMonitoringSignalRuleCreatePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0 && b > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "Test signal correlation rule".to_string(),
                "Example-Security-Monitoring_signal_rule".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![
                    SecurityMonitoringSignalRuleQuery::new(security_rule_id.clone())
                        .aggregation(SecurityMonitoringRuleQueryAggregation::EVENT_COUNT)
                        .correlated_by_fields(vec!["host".to_string()])
                        .correlated_query_index(1),
                    SecurityMonitoringSignalRuleQuery::new(security_rule_bis_id.clone())
                        .aggregation(SecurityMonitoringRuleQueryAggregation::EVENT_COUNT)
                        .correlated_by_fields(vec!["host".to_string()]),
                ],
            )
            .filters(vec![])
            .tags(vec![])
            .type_(SecurityMonitoringSignalRuleType::SIGNAL_CORRELATION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringRule_3367706049.rs (line 60)

async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
            SecurityMonitoringStandardRuleCreatePayload::new(
                vec![],
                true,
                "This is a third party rule".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .detection_method(SecurityMonitoringRuleDetectionMethod::THIRD_PARTY)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ZERO_MINUTES)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES)
                    .third_party_rule_options(
                        SecurityMonitoringRuleThirdPartyOptions::new()
                            .default_status(SecurityMonitoringRuleSeverity::INFO)
                            .root_queries(vec![
                                SecurityMonitoringThirdPartyRootQuery::new()
                                    .group_by_fields(vec!["instance-id".to_string()])
                                    .query("source:guardduty @details.alertType:*EC2*".to_string()),
                                SecurityMonitoringThirdPartyRootQuery::new()
                                    .group_by_fields(vec![])
                                    .query("source:guardduty".to_string()),
                            ]),
                    ),
                vec![],
            )
            .third_party_cases(vec![
                SecurityMonitoringThirdPartyRuleCaseCreate::new(
                    SecurityMonitoringRuleSeverity::HIGH,
                )
                .name("high".to_string())
                .query("status:error".to_string()),
                SecurityMonitoringThirdPartyRuleCaseCreate::new(
                    SecurityMonitoringRuleSeverity::LOW,
                )
                .name("low".to_string())
                .query("status:info".to_string()),
            ])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringRule_1092490364.rs (line 82)

async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::CloudConfigurationRuleCreatePayload(
            Box::new(
                CloudConfigurationRuleCreatePayload::new(
                    vec![
                        CloudConfigurationRuleCaseCreate::new(
                            SecurityMonitoringRuleSeverity::INFO,
                        ).notifications(vec!["channel".to_string()])
                    ],
                    CloudConfigurationRuleComplianceSignalOptions::new()
                        .user_activation_status(Some(true))
                        .user_group_by_fields(Some(vec!["@account_id".to_string()])),
                    false,
                    "ddd".to_string(),
                    "Example-Security-Monitoring_cloud".to_string(),
                    CloudConfigurationRuleOptions::new(
                        CloudConfigurationComplianceRuleOptions::new()
                            .complex_rule(false)
                            .rego_rule(
                                CloudConfigurationRegoRule::new(
                                    r#"package datadog

import data.datadog.output as dd_output

import future.keywords.contains
import future.keywords.if
import future.keywords.in

milliseconds_in_a_day := ((1000 * 60) * 60) * 24

eval(iam_service_account_key) = "skip" if {
	iam_service_account_key.disabled
} else = "pass" if {
	(iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) <= 90
} else = "fail"

# This part remains unchanged for all rules
results contains result if {
	some resource in input.resources[input.main_resource_type]
	result := dd_output.format(resource, eval(resource))
}
"#.to_string(),
                                    vec!["gcp_compute_disk".to_string()],
                                ),
                            )
                            .resource_type("gcp_compute_disk".to_string()),
                    ),
                )
                    .filters(
                        vec![
                            SecurityMonitoringFilter::new()
                                .action(SecurityMonitoringFilterAction::REQUIRE)
                                .query("resource_id:helo*".to_string()),
                            SecurityMonitoringFilter::new()
                                .action(SecurityMonitoringFilterAction::SUPPRESS)
                                .query("control:helo*".to_string())
                        ],
                    )
                    .tags(vec!["my:tag".to_string()])
                    .type_(CloudConfigurationRuleType::CLOUD_CONFIGURATION),
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn create_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleCreatePayload, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<CreateSecurityMonitoringRuleError>>

Create a detection rule.

pub async fn create_security_monitoring_suppression( &self, body: SecurityMonitoringSuppressionCreateRequest, ) -> Result<SecurityMonitoringSuppressionResponse, Error<CreateSecurityMonitoringSuppressionError>>

Create a new suppression rule.

Examples found in repository

examples/v2_security-monitoring_CreateSecurityMonitoringSuppression_3192265332.rs (line 28)

async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .data_exclusion_query("account_id:12345".to_string())
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_CreateSecurityMonitoringSuppression.rs (line 28)

async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000)
            .suppression_query("env:staging status:low".to_string()),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn create_security_monitoring_suppression_with_http_info( &self, body: SecurityMonitoringSuppressionCreateRequest, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<CreateSecurityMonitoringSuppressionError>>

Create a new suppression rule.

pub async fn delete_security_filter( &self, security_filter_id: String, ) -> Result<(), Error<DeleteSecurityFilterError>>

Delete a specific security filter.

Examples found in repository

examples/v2_security-monitoring_DeleteSecurityFilter.rs (line 10)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_filter("security_filter_id".to_string())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_DeleteSecurityFilter_555029489.rs (line 12)

async fn main() {
    // there is a valid "security_filter" in the system
    let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_filter(security_filter_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn delete_security_filter_with_http_info( &self, security_filter_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityFilterError>>

Delete a specific security filter.

pub async fn delete_security_monitoring_rule( &self, rule_id: String, ) -> Result<(), Error<DeleteSecurityMonitoringRuleError>>

Delete an existing rule. Default rules cannot be deleted.

Examples found in repository

examples/v2_security-monitoring_DeleteSecurityMonitoringRule.rs (line 12)

async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_monitoring_rule(security_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn delete_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringRuleError>>

Delete an existing rule. Default rules cannot be deleted.

pub async fn delete_security_monitoring_suppression( &self, suppression_id: String, ) -> Result<(), Error<DeleteSecurityMonitoringSuppressionError>>

Delete a specific suppression rule.

Examples found in repository

examples/v2_security-monitoring_DeleteSecurityMonitoringSuppression.rs (line 12)

async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn delete_security_monitoring_suppression_with_http_info( &self, suppression_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringSuppressionError>>

Delete a specific suppression rule.

pub async fn edit_security_monitoring_signal_assignee( &self, signal_id: String, body: SecurityMonitoringSignalAssigneeUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalAssigneeError>>

Modify the triage assignee of a security signal.

Examples found in repository

examples/v2_security-monitoring_EditSecurityMonitoringSignalAssignee.rs (lines 21-24)

async fn main() {
    let body = SecurityMonitoringSignalAssigneeUpdateRequest::new(
        SecurityMonitoringSignalAssigneeUpdateData::new(
            SecurityMonitoringSignalAssigneeUpdateAttributes::new(
                SecurityMonitoringTriageUser::new("".to_string()),
            ),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_assignee(
            "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn edit_security_monitoring_signal_assignee_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalAssigneeUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalAssigneeError>>

Modify the triage assignee of a security signal.

pub async fn edit_security_monitoring_signal_incidents( &self, signal_id: String, body: SecurityMonitoringSignalIncidentsUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalIncidentsError>>

Change the related incidents for a security signal.

Examples found in repository

examples/v2_security-monitoring_EditSecurityMonitoringSignalIncidents.rs (lines 18-21)

async fn main() {
    let body = SecurityMonitoringSignalIncidentsUpdateRequest::new(
        SecurityMonitoringSignalIncidentsUpdateData::new(
            SecurityMonitoringSignalIncidentsUpdateAttributes::new(vec![2066]),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_incidents(
            "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn edit_security_monitoring_signal_incidents_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalIncidentsUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalIncidentsError>>

Change the related incidents for a security signal.

pub async fn edit_security_monitoring_signal_state( &self, signal_id: String, body: SecurityMonitoringSignalStateUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalStateError>>

Change the triage state of a security signal.

Examples found in repository

examples/v2_security-monitoring_EditSecurityMonitoringSignalState.rs (lines 21-24)

async fn main() {
    let body = SecurityMonitoringSignalStateUpdateRequest::new(
        SecurityMonitoringSignalStateUpdateData::new(
            SecurityMonitoringSignalStateUpdateAttributes::new(SecurityMonitoringSignalState::OPEN)
                .archive_reason(SecurityMonitoringSignalArchiveReason::NONE),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_state(
            "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn edit_security_monitoring_signal_state_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalStateUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalStateError>>

Change the triage state of a security signal.

pub async fn get_finding( &self, finding_id: String, params: GetFindingOptionalParams, ) -> Result<GetFindingResponse, Error<GetFindingError>>

Returns a single finding with message and resource configuration.

Examples found in repository

examples/v2_security-monitoring_GetFinding.rs (lines 13-16)

async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.GetFinding", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp =
        api
            .get_finding(
                "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(),
                GetFindingOptionalParams::default(),
            )
            .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn get_finding_with_http_info( &self, finding_id: String, params: GetFindingOptionalParams, ) -> Result<ResponseContent<GetFindingResponse>, Error<GetFindingError>>

Returns a single finding with message and resource configuration.

pub async fn get_security_filter( &self, security_filter_id: String, ) -> Result<SecurityFilterResponse, Error<GetSecurityFilterError>>

Get the details of a specific security filter.

See the security filter guide for more examples.

Examples found in repository

examples/v2_security-monitoring_GetSecurityFilter.rs (line 12)

async fn main() {
    // there is a valid "security_filter" in the system
    let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_filter(security_filter_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn get_security_filter_with_http_info( &self, security_filter_id: String, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<GetSecurityFilterError>>

Get the details of a specific security filter.

See the security filter guide for more examples.

pub async fn get_security_monitoring_rule( &self, rule_id: String, ) -> Result<SecurityMonitoringRuleResponse, Error<GetSecurityMonitoringRuleError>>

Get a rule’s details.

Examples found in repository

examples/v2_security-monitoring_GetSecurityMonitoringRule.rs (line 12)

async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_rule(security_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_GetSecurityMonitoringRule_3370522281.rs (line 12)

async fn main() {
    // there is a valid "cloud_configuration_rule" in the system
    let cloud_configuration_rule_id = std::env::var("CLOUD_CONFIGURATION_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_rule(cloud_configuration_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn get_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<GetSecurityMonitoringRuleError>>

Get a rule’s details.

pub async fn get_security_monitoring_signal( &self, signal_id: String, ) -> Result<SecurityMonitoringSignalResponse, Error<GetSecurityMonitoringSignalError>>

Get a signal’s details.

Examples found in repository

examples/v2_security-monitoring_GetSecurityMonitoringSignal.rs (lines 10-12)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_signal(
            "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE".to_string(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn get_security_monitoring_signal_with_http_info( &self, signal_id: String, ) -> Result<ResponseContent<SecurityMonitoringSignalResponse>, Error<GetSecurityMonitoringSignalError>>

Get a signal’s details.

pub async fn get_security_monitoring_suppression( &self, suppression_id: String, ) -> Result<SecurityMonitoringSuppressionResponse, Error<GetSecurityMonitoringSuppressionError>>

Get the details of a specific suppression rule.

Examples found in repository

examples/v2_security-monitoring_GetSecurityMonitoringSuppression.rs (line 12)

async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn get_security_monitoring_suppression_with_http_info( &self, suppression_id: String, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<GetSecurityMonitoringSuppressionError>>

Get the details of a specific suppression rule.

pub async fn list_findings( &self, params: ListFindingsOptionalParams, ) -> Result<ListFindingsResponse, Error<ListFindingsError>>

Get a list of CSPM findings.

Filtering

Filters can be applied by appending query parameters to the URL.

• Using a single filter: ?filter[attribute_key]=attribute_value
• Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
• Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2

Here, attribute_key can be any of the filter keys described further below.

Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.

You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.

Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

• The finding ID that can be used in a GetFinding request to retrieve the full finding details.
• Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
• evaluation_changed_at and resource_discovery_date time stamps.
• An array of associated tags.

Examples found in repository

examples/v2_security-monitoring_ListFindings.rs (line 12)

async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.ListFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_findings(ListFindingsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub fn list_findings_with_pagination( &self, params: ListFindingsOptionalParams, ) -> impl Stream<Item = Result<Finding, Error<ListFindingsError>>> + '_

Examples found in repository

examples/v2_security-monitoring_ListFindings_3865842421.rs (line 13)

async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.ListFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let response = api.list_findings_with_pagination(ListFindingsOptionalParams::default());
    pin_mut!(response);
    while let Some(resp) = response.next().await {
        if let Ok(value) = resp {
            println!("{:#?}", value);
        } else {
            println!("{:#?}", resp.unwrap_err());
        }
    }
}

pub async fn list_findings_with_http_info( &self, params: ListFindingsOptionalParams, ) -> Result<ResponseContent<ListFindingsResponse>, Error<ListFindingsError>>

Get a list of CSPM findings.

Filtering

Filters can be applied by appending query parameters to the URL.

• Using a single filter: ?filter[attribute_key]=attribute_value
• Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
• Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2

Here, attribute_key can be any of the filter keys described further below.

Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.

You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.

Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

• The finding ID that can be used in a GetFinding request to retrieve the full finding details.
• Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
• evaluation_changed_at and resource_discovery_date time stamps.
• An array of associated tags.

pub async fn list_security_filters( &self, ) -> Result<SecurityFiltersResponse, Error<ListSecurityFiltersError>>

Get the list of configured security filters with their definitions.

Examples found in repository

examples/v2_security-monitoring_ListSecurityFilters.rs (line 9)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_filters().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn list_security_filters_with_http_info( &self, ) -> Result<ResponseContent<SecurityFiltersResponse>, Error<ListSecurityFiltersError>>

Get the list of configured security filters with their definitions.

pub async fn list_security_monitoring_rules( &self, params: ListSecurityMonitoringRulesOptionalParams, ) -> Result<SecurityMonitoringListRulesResponse, Error<ListSecurityMonitoringRulesError>>

List rules.

Examples found in repository

examples/v2_security-monitoring_ListSecurityMonitoringRules.rs (line 11)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_rules(ListSecurityMonitoringRulesOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn list_security_monitoring_rules_with_http_info( &self, params: ListSecurityMonitoringRulesOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringListRulesResponse>, Error<ListSecurityMonitoringRulesError>>

List rules.

pub async fn list_security_monitoring_signals( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> Result<SecurityMonitoringSignalsListResponse, Error<ListSecurityMonitoringSignalsError>>

The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.

Examples found in repository

examples/v2_security-monitoring_ListSecurityMonitoringSignals.rs (line 11)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_signals(ListSecurityMonitoringSignalsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub fn list_security_monitoring_signals_with_pagination( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<ListSecurityMonitoringSignalsError>>> + '_

Examples found in repository

examples/v2_security-monitoring_ListSecurityMonitoringSignals_3960412991.rs (lines 12-14)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let response = api.list_security_monitoring_signals_with_pagination(
        ListSecurityMonitoringSignalsOptionalParams::default().page_limit(2),
    );
    pin_mut!(response);
    while let Some(resp) = response.next().await {
        if let Ok(value) = resp {
            println!("{:#?}", value);
        } else {
            println!("{:#?}", resp.unwrap_err());
        }
    }
}

pub async fn list_security_monitoring_signals_with_http_info( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<ListSecurityMonitoringSignalsError>>

The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.

pub async fn list_security_monitoring_suppressions( &self, ) -> Result<SecurityMonitoringSuppressionsResponse, Error<ListSecurityMonitoringSuppressionsError>>

Get the list of all suppression rules.

Examples found in repository

examples/v2_security-monitoring_ListSecurityMonitoringSuppressions.rs (line 9)

async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_monitoring_suppressions().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn list_security_monitoring_suppressions_with_http_info( &self, ) -> Result<ResponseContent<SecurityMonitoringSuppressionsResponse>, Error<ListSecurityMonitoringSuppressionsError>>

Get the list of all suppression rules.

pub async fn mute_findings( &self, body: BulkMuteFindingsRequest, ) -> Result<BulkMuteFindingsResponse, Error<MuteFindingsError>>

Mute or unmute findings.

Examples found in repository

examples/v2_security-monitoring_MuteFindings.rs (line 30)

async fn main() {
    let body = BulkMuteFindingsRequest::new(BulkMuteFindingsRequestData::new(
        BulkMuteFindingsRequestAttributes::new(
            BulkMuteFindingsRequestProperties::new(true, FindingMuteReason::ACCEPTED_RISK)
                .expiration_date(1778721573794),
        ),
        "dbe5f567-192b-4404-b908-29b70e1c9f76".to_string(),
        BulkMuteFindingsRequestMeta::new()
            .findings(vec![BulkMuteFindingsRequestMetaFindings::new().finding_id(
                "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
            )]),
        FindingType::FINDING,
    ));
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.MuteFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.mute_findings(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn mute_findings_with_http_info( &self, body: BulkMuteFindingsRequest, ) -> Result<ResponseContent<BulkMuteFindingsResponse>, Error<MuteFindingsError>>

Mute or unmute findings.

pub async fn search_security_monitoring_signals( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> Result<SecurityMonitoringSignalsListResponse, Error<SearchSecurityMonitoringSignalsError>>

Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.

Examples found in repository

examples/v2_security-monitoring_SearchSecurityMonitoringSignals.rs (lines 40-42)

async fn main() {
    let body =
        SecurityMonitoringSignalListRequest::new()
            .filter(
                SecurityMonitoringSignalListRequestFilter::new()
                    .from(
                        DateTime::parse_from_rfc3339("2019-01-02T09:42:36.320000+00:00")
                            .expect("Failed to parse datetime")
                            .with_timezone(&Utc),
                    )
                    .query("security:attack status:high".to_string())
                    .to(
                        DateTime::parse_from_rfc3339("2019-01-03T09:42:36.320000+00:00")
                            .expect("Failed to parse datetime")
                            .with_timezone(&Utc),
                    ),
            )
            .page(
                SecurityMonitoringSignalListRequestPage::new()
                    .cursor(
                        "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==".to_string(),
                    )
                    .limit(25),
            )
            .sort(SecurityMonitoringSignalsSort::TIMESTAMP_ASCENDING);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .search_security_monitoring_signals(
            SearchSecurityMonitoringSignalsOptionalParams::default().body(body),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub fn search_security_monitoring_signals_with_pagination( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<SearchSecurityMonitoringSignalsError>>> + '_

Examples found in repository

examples/v2_security-monitoring_SearchSecurityMonitoringSignals_1309350146.rs (lines 32-34)

async fn main() {
    let body = SecurityMonitoringSignalListRequest::new()
        .filter(
            SecurityMonitoringSignalListRequestFilter::new()
                .from(
                    DateTime::parse_from_rfc3339("2021-11-11T10:56:11+00:00")
                        .expect("Failed to parse datetime")
                        .with_timezone(&Utc),
                )
                .query("security:attack status:high".to_string())
                .to(DateTime::parse_from_rfc3339("2021-11-11T11:11:11+00:00")
                    .expect("Failed to parse datetime")
                    .with_timezone(&Utc)),
        )
        .page(SecurityMonitoringSignalListRequestPage::new().limit(2))
        .sort(SecurityMonitoringSignalsSort::TIMESTAMP_ASCENDING);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let response = api.search_security_monitoring_signals_with_pagination(
        SearchSecurityMonitoringSignalsOptionalParams::default().body(body),
    );
    pin_mut!(response);
    while let Some(resp) = response.next().await {
        if let Ok(value) = resp {
            println!("{:#?}", value);
        } else {
            println!("{:#?}", resp.unwrap_err());
        }
    }
}

pub async fn search_security_monitoring_signals_with_http_info( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<SearchSecurityMonitoringSignalsError>>

Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.

pub async fn test_existing_security_monitoring_rule( &self, rule_id: String, body: SecurityMonitoringRuleTestRequest, ) -> Result<SecurityMonitoringRuleTestResponse, Error<TestExistingSecurityMonitoringRuleError>>

Test an existing rule.

Examples found in repository

examples/v2_security-monitoring_TestExistingSecurityMonitoringRule.rs (line 29)

async fn main() {
    let body = SecurityMonitoringRuleTestRequest::new().rule_query_payloads(vec![
        SecurityMonitoringRuleQueryPayload::new()
            .expected_result(true)
            .index(0)
            .payload(
                SecurityMonitoringRuleQueryPayloadData::new()
                    .ddsource("nginx".to_string())
                    .ddtags("env:staging,version:5.1".to_string())
                    .hostname("i-012345678".to_string())
                    .message(
                        "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"
                            .to_string(),
                    )
                    .service("payment".to_string()),
            ),
    ]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .test_existing_security_monitoring_rule("rule_id".to_string(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn test_existing_security_monitoring_rule_with_http_info( &self, rule_id: String, body: SecurityMonitoringRuleTestRequest, ) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestExistingSecurityMonitoringRuleError>>

Test an existing rule.

pub async fn test_security_monitoring_rule( &self, body: SecurityMonitoringRuleTestRequest, ) -> Result<SecurityMonitoringRuleTestResponse, Error<TestSecurityMonitoringRuleError>>

Test a rule.

Examples found in repository

examples/v2_security-monitoring_TestSecurityMonitoringRule.rs (line 69)

async fn main() {
    let body = SecurityMonitoringRuleTestRequest::new()
        .rule(
            SecurityMonitoringRuleTestPayload::SecurityMonitoringStandardRuleTestPayload(Box::new(
                SecurityMonitoringStandardRuleTestPayload::new(
                    vec![SecurityMonitoringRuleCaseCreate::new(
                        SecurityMonitoringRuleSeverity::INFO,
                    )
                    .condition("a > 0".to_string())
                    .name("".to_string())
                    .notifications(vec![])],
                    true,
                    "My security monitoring rule message.".to_string(),
                    "My security monitoring rule.".to_string(),
                    SecurityMonitoringRuleOptions::new()
                        .decrease_criticality_based_on_env(false)
                        .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
                        .evaluation_window(SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES)
                        .keep_alive(SecurityMonitoringRuleKeepAlive::ZERO_MINUTES)
                        .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ZERO_MINUTES),
                    vec![SecurityMonitoringStandardRuleQuery::new()
                        .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                        .distinct_fields(vec![])
                        .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
                        .name("".to_string())
                        .query("source:source_here".to_string())],
                )
                .has_extended_title(true)
                .tags(vec!["env:prod".to_string(), "team:security".to_string()])
                .type_(SecurityMonitoringRuleTypeTest::LOG_DETECTION),
            )),
        )
        .rule_query_payloads(vec![SecurityMonitoringRuleQueryPayload::new()
            .expected_result(true)
            .index(0)
            .payload(
                SecurityMonitoringRuleQueryPayloadData::new()
                    .ddsource("source_here".to_string())
                    .ddtags("env:staging,version:5.1".to_string())
                    .hostname("i-012345678".to_string())
                    .message(
                        "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"
                            .to_string(),
                    )
                    .service("payment".to_string()),
            )]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.test_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn test_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleTestRequest, ) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestSecurityMonitoringRuleError>>

Test a rule.

pub async fn update_security_filter( &self, security_filter_id: String, body: SecurityFilterUpdateRequest, ) -> Result<SecurityFilterResponse, Error<UpdateSecurityFilterError>>

Update a specific security filter. Returns the security filter object when the request is successful.

Examples found in repository

examples/v2_security-monitoring_UpdateSecurityFilter.rs (line 27)

async fn main() {
    // there is a valid "security_filter" in the system
    let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
    let body = SecurityFilterUpdateRequest::new(SecurityFilterUpdateData::new(
        SecurityFilterUpdateAttributes::new()
            .exclusion_filters(vec![])
            .filtered_data_type(SecurityFilterFilteredDataType::LOGS)
            .is_enabled(true)
            .name("Example-Security-Monitoring".to_string())
            .query("service:ExampleSecurityMonitoring".to_string())
            .version(1),
        SecurityFilterType::SECURITY_FILTERS,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_filter(security_filter_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn update_security_filter_with_http_info( &self, security_filter_id: String, body: SecurityFilterUpdateRequest, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<UpdateSecurityFilterError>>

Update a specific security filter. Returns the security filter object when the request is successful.

pub async fn update_security_monitoring_rule( &self, rule_id: String, body: SecurityMonitoringRuleUpdatePayload, ) -> Result<SecurityMonitoringRuleResponse, Error<UpdateSecurityMonitoringRuleError>>

Update an existing rule. When updating cases, queries or options, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled, to change notifications, or to update the tags (default tags cannot be removed).

Examples found in repository

examples/v2_security-monitoring_UpdateSecurityMonitoringRule.rs (line 49)

async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let body = SecurityMonitoringRuleUpdatePayload::new()
        .cases(vec![SecurityMonitoringRuleCase::new()
            .condition("a > 0".to_string())
            .name("".to_string())
            .notifications(vec![])
            .status(SecurityMonitoringRuleSeverity::INFO)])
        .filters(vec![])
        .is_enabled(true)
        .message("Test rule".to_string())
        .name("Example-Security-Monitoring-Updated".to_string())
        .options(
            SecurityMonitoringRuleOptions::new()
                .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
        )
        .queries(vec![
            SecurityMonitoringRuleQuery::SecurityMonitoringStandardRuleQuery(Box::new(
                SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec![])
                    .metrics(vec![])
                    .query("@test:true".to_string()),
            )),
        ])
        .tags(vec![]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_rule(security_rule_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

examples/v2_security-monitoring_UpdateSecurityMonitoringRule_428087276.rs (line 71)

async fn main() {
    // there is a valid "cloud_configuration_rule" in the system
    let cloud_configuration_rule_id = std::env::var("CLOUD_CONFIGURATION_RULE_ID").unwrap();
    let body =
        SecurityMonitoringRuleUpdatePayload::new()
            .cases(
                vec![
                    SecurityMonitoringRuleCase::new()
                        .notifications(vec![])
                        .status(SecurityMonitoringRuleSeverity::INFO)
                ],
            )
            .compliance_signal_options(
                CloudConfigurationRuleComplianceSignalOptions::new()
                    .user_activation_status(Some(false))
                    .user_group_by_fields(Some(vec![])),
            )
            .is_enabled(false)
            .message("ddd".to_string())
            .name("Example-Security-Monitoring_cloud_updated".to_string())
            .options(
                SecurityMonitoringRuleOptions
                ::new().compliance_rule_options(
                    CloudConfigurationComplianceRuleOptions::new()
                        .rego_rule(
                            CloudConfigurationRegoRule::new(
                                r#"package datadog

import data.datadog.output as dd_output

import future.keywords.contains
import future.keywords.if
import future.keywords.in

milliseconds_in_a_day := ((1000 * 60) * 60) * 24

eval(iam_service_account_key) = "skip" if {
	iam_service_account_key.disabled
} else = "pass" if {
	(iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) <= 90
} else = "fail"

# This part remains unchanged for all rules
results contains result if {
	some resource in input.resources[input.main_resource_type]
	result := dd_output.format(resource, eval(resource))
}
"#.to_string(),
                                vec!["gcp_compute_disk".to_string()],
                            ),
                        )
                        .resource_type("gcp_compute_disk".to_string()),
                ),
            )
            .tags(vec![]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_rule(cloud_configuration_rule_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn update_security_monitoring_rule_with_http_info( &self, rule_id: String, body: SecurityMonitoringRuleUpdatePayload, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<UpdateSecurityMonitoringRuleError>>

Update an existing rule. When updating cases, queries or options, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled, to change notifications, or to update the tags (default tags cannot be removed).

pub async fn update_security_monitoring_suppression( &self, suppression_id: String, body: SecurityMonitoringSuppressionUpdateRequest, ) -> Result<SecurityMonitoringSuppressionResponse, Error<UpdateSecurityMonitoringSuppressionError>>

Update a specific suppression rule.

Examples found in repository

examples/v2_security-monitoring_UpdateSecurityMonitoringSuppression.rs (line 23)

async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let body = SecurityMonitoringSuppressionUpdateRequest::new(
        SecurityMonitoringSuppressionUpdateData::new(
            SecurityMonitoringSuppressionUpdateAttributes::new()
                .suppression_query("env:staging status:low".to_string()),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_suppression(suppression_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn update_security_monitoring_suppression_with_http_info( &self, suppression_id: String, body: SecurityMonitoringSuppressionUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<UpdateSecurityMonitoringSuppressionError>>

Update a specific suppression rule.

pub async fn validate_security_monitoring_rule( &self, body: SecurityMonitoringRuleValidatePayload, ) -> Result<(), Error<ValidateSecurityMonitoringRuleError>>

Validate a detection rule.

Examples found in repository

examples/v2_security-monitoring_ValidateSecurityMonitoringRule.rs (line 49)

async fn main() {
    let body =
        SecurityMonitoringRuleValidatePayload::SecurityMonitoringStandardRulePayload(Box::new(
            SecurityMonitoringStandardRulePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "My security monitoring rule".to_string(),
                "My security monitoring rule".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::THIRTY_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::THIRTY_MINUTES)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::THIRTY_MINUTES),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
                    .name("".to_string())
                    .query("source:source_here".to_string())],
            )
            .has_extended_title(true)
            .tags(vec!["env:prod".to_string(), "team:security".to_string()])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.validate_security_monitoring_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

pub async fn validate_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleValidatePayload, ) -> Result<ResponseContent<()>, Error<ValidateSecurityMonitoringRuleError>>

Validate a detection rule.

Trait Implementations

impl Clone for SecurityMonitoringAPI

fn clone(&self) -> SecurityMonitoringAPI

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityMonitoringAPI

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityMonitoringAPI

fn default() -> Self

Returns the “default value” for a type.